From: Victor Julien
Date: Mon, 13 Mar 2023 12:53:32 +0000 (+0100)
Subject: detect/analyzer: add more pcre detail
X-Git-Tag: suricata-7.0.0-rc2~515
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2b85ab0ba18741f2d2873570cd5525c0f916790f;p=thirdparty%2Fsuricata.git
detect/analyzer: add more pcre detail
---
diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index cac327c87d..38780d8a8b 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -34,6 +34,7 @@
 #include "detect-engine-mpm.h"
 #include "conf.h"
 #include "detect-content.h"
+#include "detect-pcre.h"
 #include "detect-flow.h"
 #include "detect-tcp-flags.h"
 #include "feature.h"
@@ -641,6 +642,14 @@ static void DumpContent(JsonBuilder *js, const DetectContentData *cd)
 jb_set_bool(js, "fast_pattern", cd->flags & DETECT_CONTENT_FAST_PATTERN);
 }
+static void DumpPcre(JsonBuilder *js, const DetectPcreData *cd)
+{
+ jb_set_bool(js, "relative", cd->flags & DETECT_PCRE_RELATIVE);
+ jb_set_bool(js, "relative_next", cd->flags & DETECT_PCRE_RELATIVE_NEXT);
+ jb_set_bool(js, "nocase", cd->flags & DETECT_PCRE_CASELESS);
+ jb_set_bool(js, "negated", cd->flags & DETECT_PCRE_NEGATE);
+}
+
 static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *smd)
 {
 if (smd == NULL)
@@ -675,6 +684,14 @@ static void DumpMatches(RuleAnalyzer *ctx, JsonBuilder *js, const SigMatchData *
 jb_close(js);
 break;
 }
+ case DETECT_PCRE: {
+ const DetectPcreData *cd = (const DetectPcreData *)smd->ctx;
+
+ jb_open_object(js, "pcre");
+ DumpPcre(js, cd);
+ jb_close(js);
+ break;
+ }
 }
 jb_close(js);
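Review bot: DumpPcre names its `const DetectPcreData *` parameter `cd`, the same name DumpContent uses for content data in the context line above, and the local in the new `case DETECT_PCRE` block repeats it; `pd` in both places would make it harder to misread pcre flags as content flags. The four `jb_set_bool` calls pass the masked flag word straight through, which is only correct if the parameter is a real `bool` (the prototype is not visible in this diff); `(cd->flags & DETECT_PCRE_NEGATE) != 0` states the conversion explicitly. The helper also has no comment, and something like `/* Emit the pcre keyword's relative, relative_next, nocase and negated flags into the analyzer JSON. */` would tell a reader which properties the output covers. DumpPcre lies wholly inside its hunk, while DumpMatches begins and ends outside the hunk that adds the case.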